US11750389B2ActiveUtilityA1

System, method, and computer program product for performing hardware backed symmetric operations for password based authentication

64
Assignee: DIGITAL 14 LLCPriority: Mar 13, 2019Filed: Sep 24, 2021Granted: Sep 5, 2023
Est. expiryMar 13, 2039(~12.7 yrs left)· nominal 20-yr term from priority
H04L 9/3226H04L 9/0819H04L 9/3242H04L 63/1466H04L 9/3234H04L 63/083H04L 63/0435
64
PatentIndex Score
0
Cited by
7
References
20
Claims

Abstract

A system, method, and computer program product are provided for implementing hardware backed symmetric operations for password based authentication. In operation, a system receives a request to access software utilizing password-based authentication. Further, the system receives a password for the password-based authentication. The system computes a hash utilizing the password and a hardware-based authenticator associated with hardware of the system utilizing hardware backed symmetric encryption. Moreover, the system verifies that the hash computed utilizing the password and the hardware-based authenticator is correct for accessing the software.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A method, comprising:
 receiving, by a system, a request to access software utilizing password-based authentication; 
 receiving, by the system, a password for the password-based authentication; 
 computing, by the system, a hash utilizing the password and a hardware-based authenticator associated with hardware of the system, wherein the hash is computed utilizing a combination of a single implementation of a hardware-based symmetric encryption algorithm provided by a hardware-backed cryptographic module of the system and a single implementation of a software-based one-way pseudorandom function; and 
 verifying, by the system, that the hash computed utilizing the password and the hardware-based authenticator is correct for accessing the software. 
 
     
     
       2. The method of  claim 1 , wherein the hardware-based authenticator is generated after the password is received. 
     
     
       3. The method of  claim 2 , wherein the password is received from a user via a user interface. 
     
     
       4. The method of  claim 1 , wherein the hash is computed by utilizing the single implementation of the software-based one-way pseudorandom function after the single implementation of the hardware-based symmetric encryption algorithm. 
     
     
       5. The method of  claim 4 , wherein the single implementation of the hardware-based symmetric encryption algorithm is utilized to generate a symmetric encryption of the hardware-based authenticator. 
     
     
       6. The method of  claim 5 , wherein the single implementation of the software-based one-way pseudorandom function utilizes the password and the symmetric encryption of the hardware-based authenticator. 
     
     
       7. The method of  claim 1 , wherein the hash is computed by utilizing the single implementation of the software-based one-way pseudorandom function before the single implementation of the hardware-based symmetric encryption algorithm. 
     
     
       8. The method of  claim 7 , wherein the single implementation of the software-based one-way pseudorandom function generates a hash of the password. 
     
     
       9. The method of  claim 8 , wherein the single implementation of the hardware-based symmetric encryption algorithm generates a symmetric encryption of the hardware-based authenticator. 
     
     
       10. The method of  claim 1 , wherein the software-based one-way pseudorandom function is associated with HMAC (keyed-hash message authentication code). 
     
     
       11. A non-transitory computer readable medium storing computer code executable by a processor of a system to perform a method comprising:
 receiving a request to access software utilizing password-based authentication; 
 receiving a password for the password-based authentication; 
 computing a hash utilizing the password and a hardware-based authenticator associated with hardware of the system, wherein the hash is computed utilizing a combination of a single implementation of a hardware-based symmetric encryption algorithm provided by a hardware-backed cryptographic module of the system and a single implementation of a software-based one-way pseudorandom function; and 
 verifying that the hash computed utilizing the password and the hardware-based authenticator is correct for accessing the software. 
 
     
     
       12. The non-transitory computer readable medium of  claim 11 , wherein the hardware-based authenticator is generated after the password is received. 
     
     
       13. The non-transitory computer readable medium of  claim 12 , wherein the password is received from a user via a user interface. 
     
     
       14. The non-transitory computer readable medium of  claim 11 , wherein the hash is computed by utilizing the single implementation of the software-based one-way pseudorandom function after the single implementation of the hardware-based symmetric encryption algorithm. 
     
     
       15. The non-transitory computer readable medium of  claim 14 , wherein the single implementation of the hardware-based symmetric encryption algorithm is utilized to generate a symmetric encryption of the hardware-based authenticator. 
     
     
       16. The non-transitory computer readable medium of  claim 15 , wherein the single implementation of the software-based one-way pseudorandom function utilizes the password and the symmetric encryption of the hardware-based authenticator. 
     
     
       17. The non-transitory computer readable medium of  claim 11 , wherein the hash is computed by utilizing the single implementation of the software-based one-way pseudorandom function before the single implementation of the hardware-based symmetric encryption algorithm. 
     
     
       18. The non-transitory computer readable medium of  claim 17 , wherein the single implementation of the software-based one-way pseudorandom function generates a hash of the password. 
     
     
       19. The non-transitory computer readable medium of  claim 18 , wherein the single implementation of the hardware-based symmetric encryption algorithm generates a symmetric encryption of the hardware-based authenticator. 
     
     
       20. A system, comprising:
 a memory storing instructions, and 
 a computer processor executing the instructions for: 
 receiving a request to access software utilizing password-based authentication; 
 receiving a password for the password-based authentication; 
 computing a hash utilizing the password and a hardware-based authenticator associated with hardware of the system, wherein the hash is computed utilizing a combination of a single implementation of a hardware-based symmetric encryption algorithm provided by a hardware-backed cryptographic module of the system and a single implementation of a software-based one-way pseudorandom function; and 
 verifying that the hash computed utilizing the password and the hardware-based authenticator is correct for accessing the software.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.